An issue exists in the pricing-table-by-supsystic plugin prior to 1.8.2 for WordPress. It allows XSS.
supsystic pricing table by supsystic